[ZDP] BackTalk to Document Zope Developer's Guide (2.4 edition)/Security

webmaster at zope.org webmaster at zope.org
Wed Dec 3 23:29:51 EST 2003

A comment to the paragraph below was recently added via http://zope.org/Documentation/Books/ZDG/current/Security.stx#3-79


      Objects that are returned from Python Scripts or External
      Methods need to have assertions declared for themselves before
      they can be used in restricted code.  For example, assume you
      have an External Method that returns instances of a custom
      'Book' class. If you want to call this External Method from
      DTML, and you'd like your DTML to be able to use the returned
      'Book' instances, you will need to ensure that your class
      supports Acquisition, and you'll need to make security
      assertions on the 'Book' class and initialize it with the global
      class initializer (just as you would with a class defined in a
      Product). For example::

        # an external method that returns Book instances

        from AccessControl import ClassSecurityInfo
        from Acquistion import Implicit
        import Globals

        class Book(Implicit):

          def __init__(self, title):

          # Create a SecurityInfo for this class
          security = ClassSecurityInfo()

          def getTitle(self):
            return self._title


        # The actual external method
        def GetBooks(self):
          books.append(Book('King Lear').__of__(self))
          books.append(Book('Romeo and Juliet').__of__(self))
          books.append(Book('The Tempest').__of__(self))
          return books

        % Anonymous User - Dec. 3, 2003 11:29 pm:
         typo error in the above source code, line 3, missing 'i' for Acquisition:
           from Acquistion import Implicit

More information about the ZDP mailing list